I thought I’d lead you on a backward journey to explore some of my favorite posts. Just for fun, notice the year some of these posts were written.
I’ve picked several posts that are a bit different from each other. Most likely, you haven’t seen most of these posts.
Filed under ACL, Audit, Case Files, How to..., Humor/Irony, Quote of the Weak, Security Scout, Technology
This post contains my response to my earlier post, ‘ChatGPT Channels Elon Musk RE: Data Analytics’.
First off, I liked the disclaimer which said that ChatGPT can mimic Elon Musk, but don’t expect perfection.
So in this case, ‘Chatty’ is saying take this with a grain of salt. Lately, Chatty has been getting a lot of press regarding sounding too authoritative and just plain making things up. So when Chatty is having fun, you get a disclaimer. Otherwise, you better believe what it says. Interesting.
This post is in response to Xavier and Grant, who were kind enough to push back a bit on a previous post, Abandon ACL and Others? See their comments on that post.
I will respond to some of their points and reveal some more of my thinking as to why I believe that auditors need to become a LOT more technical.
Some may think I am just digging my hole a little deeper, but I’ve always loved the journey.
Previously, I published an article written by ChatGPT regarding whether internal audit performs an adequate amount of data analytics and in the appropriate depth.
The reader who sent me that article also asked ChatGPT to write the same article as if Elon Musk wrote it.
So I’m publishing the ‘Musk’ article too, mostly for fun. I realize that ChatGPT can do a lot more impressive things than this, but this relates directly to audit and is simple.
I’ve never heard or read anything about Musk’s opinion on analytics (couldn’t find anything).
Filed under artificial intelligence (ai), Audit, Blogging, Data Analytics, Data Science, Technology
Just for fun, one of my readers asked ChatGPT to write an article analyzing how internal audit uses data analytics (love that alliteration).
If you’re new to ChatGPT, go here, and remember to scroll down.
This reader (who wishes to remain anonymous) asked ChatGPT to write about whether internal audit performs an adequate amount of data analytics and in the appropriate depth.
This person sent the result to me, and after reading it, I decided to publish it here.
For the past few years, I’ve been outspoken about auditors that 1) don’t do much data analysis, OR 2) rely only on tools like ACL, IDEA, Arbutus, and the like to do their data analysis.
In this post, I’m going to provide some reasons auditors should not rely on only on these tools. I’ve dealt with this before, but I want to look at it from some different angles.
In this post, I’m speaking only to auditors, as they alone are called to audit the technology and processes their companies use.
In this post, when I mention ‘ACL+’, I am referring to ACL, IDEA, Arbutus, and any other tool that typically only auditors use. I’m also including ACL ‘Robotics’ in this list.
In this post, I’m going to step on people’s toes, but my readers should be used to that by now.
Filed under ACL, Audit, Data Analytics, Data Science, Excel, Machine Learning, Python, Scripting (ACL), Technology
In this fourth post of the Python Journey, I want to discuss WHY I keep going on these journeys despite poor management support. And how I stay sane doing it.
While this post goes beyond my Python journey, previous journeys have been very similar, so in a sense, it has been one looong journey.
My first journey started with ACL, then came SQL, databases, virtual machines and virtual servers, and a host of other technologies, and finally Python and machine learning, all of which I pretty much learned/am learning on my own.
Not only because my audit management didn’t have much foresight or vision, but also because company management approved and launched tools without much guidance or training. Yeah, really.
So what keeps me going and why do I stay here?
Filed under ACL, Audit, Data Analytics, Data Science, Humor/Irony, Python, Technology
In my first Python post, I described the first steps of my python journey.
In my second Python post, I shared my thoughts about whether auditors could learn programming and Python (yes).
In this third post of the series, I want to describe how my audit management has supported my Python journey (spoiler: poorly).
In my previous Python post, I described the first steps of my python journey.
In this post, I want to respond to Grant’s comments that he left here re: auditors getting into programming, and specifically python.
[For my readers who don’t know, Grant is the founder, President and Chief Architect of Arbutus Software Inc, which specializes in audit analytics (he usually doesn’t mention that he was involved in writing the first versions of ACL too).
So his words have experience to back them up, and while I’m flattered he pops in here and there to comment on my little blog, I don’t hesitate to disagree with him occasionally .]
Here’s a look back at the most popular blog posts of 2021 according to the number of times readers opened those posts. It’s been a long time since I’ve done a best blogs post…
Some of these posts are oldies, and yet they are still pulling in plenty of traffic. Check out the list, and see if you missed any of them, especially new readers.
Filed under ACL, Audit, Blogging, Certification, Data Analytics, Employment, Excel, Free, Free Download, How to..., Security, Technology
If you want to increase the effectiveness of your audits and find risks that haven’t been identified before, you need to shatter your silos so you can identify more risk.
Too often, audits are performed on one process, one category, or one system: Earning Commissions, Windows Servers, or Wire Transfer. Each one of those is a separate silo (one for oats, one for corn, one for rice).
Filed under Audit, Data Analytics, fraud, How to..., Technology
While installing and configuring some new software on my Windows server, I noticed that the IT department forgot to remove some previous software components from my server.
I remember seeing the notice that the software was being uninstalled and replaced by another package.
I could have removed the left over components myself (I am admin on the server), but I wanted to see if they would ever be removed. Did the Windows server team forget about this, or did the team not concern itself with such things? Maybe the procedures don’t include a process to ensure all components are removed.
I waited about 2 months, but the components were not removed.
Filed under Audit, Case Files, Security, Security Scout, Technology
I recently posted about 4 common AI fallacies or myths regarding artificial intelligence (AI). I wanted to dive a little deeper into some of these myths, and discuss why AI will NOT take over the world.
First of all, it is easy to fear what we don’t really understand, especially when some people push the narrative of computers becoming ‘aware’, which would result in them dominating the human race.
Filed under artificial intelligence (ai), Data Science, Machine Learning, Technology
An article posted on MachineLearningTimes.com discusses 4 common fallacies or myths regarding artificial intelligence (AI). These misconceptions lead to many misunderstandings and fear* regarding AI.
Wikipedia defines AI as “intelligence demonstrated by machines, unlike the natural intelligence displayed by humans and animals, which involves consciousness and emotionality.”
I like Investopedia’s definition better*: “the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions.”
In the post, Melanie Mitchell, Davis Professor of Complexity at the Santa Fe Institute and author of Artificial Intelligence: A Guide For Thinking Humans, lists the 4 most common fallacies that I would summarize as follows:
Filed under Data Science, Machine Learning, Technology
When you’re trying to get a data science job, you need experience, but to get experience, you need a job, right? Not always, and this is the case for many jobs, not just data science.
But in data science, you can generate the experience you need yourself.
You might have seen one of my earlier posts, How to get an IT Audit job with little or no experience. Let me say from the beginning that getting an IT audit job with no experience is easier than a data science job with no experience. But according to an article from KDnuggets, it can be done. And like everything else, it takes hard work.
The article defines data science as “an interdisciplinary field that focuses on solving problems and gathering information.”Â
Filed under Audit, Blogging, Data Analytics, Data Science, Employment, Free, How to..., Technology
Diligent’s acquisition of Galvanize (ACL) is another nail in the ACL analytics coffin.
First, ACL acquired another company and created Galvanize. And we were told governance, risk, and compliance (GRC) would never be the same.
And I told you that ACL analytics would never be the same. In fact, I predicted that this acquisition meant that ACL analytics was dying (when I say ACL analytics, I’m referring to the Windows desktop version that they built the original company on).
For more on this, see ACL Officially Changes Name & Spots and Is ACL Analytics Dying?
Filed under ACL, Audit, Data Analytics, Scripting (ACL), Technology, Written by Skyyler
It seems to me that auditing as a profession is not full of critical thinkers, much less thinkers.
If you read my last post about auditor judgment, I’m struggling with some of the junior auditors that I’m working with.
But I’m also struggling with quite a few of the senior auditors that I work with, those that are my peers (which means they peer at what I’m doing and how I’m doing it and then continue on their merry paths).
I came to this opinion based on most of the auditors I’ve met through the years across many companies, small and big, and across sectors, including public service. And also by the many articles calling for the profession to do more critical thinking, and yes, it is needed.Â
But let’s start with plain old thinking (walk before run).
Filed under Audit, Data Analytics, Excel, Humor/Irony, Technology
We recently acquired a new data analysis tool in our department, which prompted some of our newbie auditors to share their misunderstanding of auditor judgment and basic data analysis.
A group of less experienced and newer auditors were selected to try out the new tool before it was rolled out department-wide.
 If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here. If you haven’t seen one of these posts before, it’s because I haven’t had one in a while…
Filed under Audit, Data Analytics, Humor/Irony, Quote of the Weak, Technology
I’ve written before how some periodic reviews provide management with little assurance, but management doesn’t realize how little.
My previous post focused mostly on server access. In this post, I want to look at normal user access.
For example, let’s assume your company has a policy that states that all IDs must be assigned within an Active Directory group. In other words, IDs are assigned to groups, and groups are assigned to assets; IDs should not be assigned directly to an asset.
Assume the control you are testing states that user access is reviewed annually.
Filed under Audit, Security, Technology
When auditors need to identify and understand IT controls, they search the company intranet, review policies, look for Github repositories, review inventories, schedule meetings, and analyze IT asset data.
I stumbled on a better way to get insight into the IT controls in my company, and I didn’t have to email anyone, do any research, or frankly, anything outright. The IT controls came after me.
Fortunately, the IT controls were blind to the fact that I am an IT auditor. To them, I was just an ordinary bloke. But that didn’t last long (more on that later).
It Began a Few Years Back
It all started a couple years ago when I was building the infrastructure required to support our data analytic efforts in internal audit.
Filed under Audit, Case Files, Security, Technology
It’s official: ACL is changing its name AND its spots.
I’ve claimed several times that ACL has left its first love (analytics) and doesn’t put enough work into their flagship product, ACL Analytics.
Correction: their FORMER flagship product.
At least they are publicly admitting it finally–they NO LONGER are an ANALYTICS company!
Filed under ACL, Data Analytics, Excel, Technology, Written by Skyyler
If you are in IT, audit, or security (or any other job requiring data analysis), you should NOT be cleaning data manually.
Let me share a recent experience with you….
A young IT auditor texted me at work and asked for some Active Directory user account data that I capture automatically every week, using some scheduled ACL scripts.
If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here.
Filed under Audit, Case Files, Data Analytics, Excel, How to..., Quote of the Weak, Security, Technology
Test how much you know about automation technologies by taking the job automation quiz at Financial Management magazine.
Filed under Audit, Free, Security, Technology
Contrary to what ACL has been touting as their new ‘robotics’ feature, it is NOT robotics process automation (RPA).
[The ‘robotics’ feature is due out later in 2018. It appears to be ACL’s latest attempt to get you to use their GRC software.]
ACL, via John Verver, defines the term this way in his RPA article: “The idea is a relatively simple one: get computers to perform tasks normally performed by humans, and cut resource and time requirements for many repetitive activities.” Continue reading
Filed under ACL, Audit, Data Analytics, Scripting (ACL), Technology
To increase the amount and depth of the analytics performed, steal some agile methods, and apply them to your audits.
If you’re not familiar with agile methods, check out the first 5 topics listed here (just click Next at the bottom of each page; the topics are quick to the point and full of pictures).
Briefly, agile projects are performed in cycles, or iterations, rather than in a long, linear-waterfall fashion, which is: do all planning, then field work, then reporting. Each iteration of the project creates some value and includes feedback, which is used in the next iteration to increase the value of the project.
Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler
A while back, a reader named Kyle and I had a conversation about analytics.
It started with his reading my Excel:Basic Data Analytics post where I list a number of procedures that anyone can do in Excel.
Kyle said he was expecting some “super sophisticated process & methodology that works like magic.”
Filed under Audit, Data Analytics, Technology
In the previous post, Create a Team for Audit Analytics? Part 2, I explored the pros and cons of expecting all auditors to develop a level of data and analytic proficiency.
These auditors would continue to do audit testing that involves analytics as well as testing that does not involve analytics. In addition to keeping up their business skills, they would be learning and upgrading their data analytic skills.
In the first post of this series, I reviewed some of the pluses and minuses of creating a dedicated analytics team.
However, a third option exists, which is sort of a hybrid between having dedicated analytic auditors doing all the analytic work and requiring everyone to increase and develop their data and analytic skills.
Let’s explore the hybrid method in this post, and wrap up the series with a few final thoughts.
This is the third post of a 3-part series…
Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler
In the previous post, Create a Team for Audit Analytics? Part 1, I explored the pros and cons of developing an analytics team.
This team consists of analytic auditors who are dedicated to analytic projects; they would NOT typically manage audits or testing that did not include analytics.
In this post, let’s explore another option for managing and growing analytics in an audit department — expecting all auditors to develop a level of data and analytic proficiency.
This is the second post of a 3-part series…
Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler
Once your audit team has proven the value of doing analytics consistently, the next question is: Do we create an analytics team and have the team do all (or the majority) of the analytics?
Or should we expect all auditors to develop some levels of analytics proficiency?
Of course, this question often comes a bit further down the trail on the analytics journey, but I think the sooner it is decided, the better.
This is the first post of a 3-part series…
Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler
Building a successful audit analytics program is like climbing a staircase.
The staircase is a set of steps that consist of several items having increasing levels of maturity.
The staircase steps not only help you build your program, but enable you to measure that maturity.
As you view the staircase graphic, mentally insert the word “analytics” before each step.
Filed under ACL, Audit, Data Analytics, How to..., Technology, Written by Skyyler
Here’s the 5 things I’m hoping will change in 2018 regarding ACL.
They are all related to each other and feed off each other…
Interesting.
Filed under ACL, Audit, Data Analytics, Excel, Scripting (ACL), Technology, Written by Skyyler
If you’ve ever wondered what Audit Command Language (ACL) is, here’s a quick way to find out.
ACL has provided a quick, one-page introduction to ACL. And I mean quick.
It doesn’t explain a lot, but it gives you a quick peek at the basic user interface.
You could call it the ACL Overview for Dummies.
Filed under ACL, Audit, Data Analytics, Technology
At a company I worked at recently, I ran across a Sharepoint site and wondered whether I could download data that I wasn’t supposed to see.
Now I understand the purpose of SharePoint and company intranets is to share data, but even then, some data should be restricted to a limited number of people.
So I decided to check (before doing things like this, you better know How to Stay Out of Jail).
Filed under Audit, Excel, How to..., Security, Security Scout, Technology
If YOUR audit department doesn’t embrace data, analytics, and automation eventually, your audit department will NOT exist.
No data, no analytics. No analytics, no automation. Eventually, no audit department.
Editor Note: This post really applies to all departments in a company, but mainly I’m addressing auditors, but you might want to read between the business lines….
By embrace, I don’t mean have one or two auditors working on this. I mean the entire department.
Before you cite all the regulatory requirements mandating the existence of an audit department in companies, having an audit department in name only won’t cut it.
Having an inept audit department will not be acceptable to regulators, and it shouldn’t be acceptable to company management either. Or Audit Committees!
Companies need skilled and efficient auditors that can do the heavy lifting, and this need will only increase.
Filed under Audit, Data Analytics, Employment, Technology, Written by Skyyler
Some Chief Audit Executives (CAEs) and audit managers tend to think that audit automation is a set-it-and-forget-it process. NOT.
In this post, I want to expand on a problem I mentioned in an earlier post , 10 Signs Mgmt Doesn’t Really Support Analytics.
Audit management too often thinks that once a process or an audit is automated, ALL auditor/staff hours previously spent performing that process can be reassigned elsewhere.
That is not the case at all.
Filed under ACL, Audit, Data Analytics, Scripting (ACL), Security, Technology, Written by Skyyler
Passing the CISA exam does not make you a good IT auditor anymore than passing a driving test makes you a good driver.
Passing either exam says that you know the basics, but you still have a lot to learn.
Most likely, you still don’t know how and when to use what you know and apply it to the current situation. That’s why experience is necessary. Lots of it.
I’m going on a rant here, so reader beware. If you read on, make sure you hang in there until I make my main point in the end.
You just won’t feel the love right away…
Filed under Audit, Certification, Employment, How to..., Technology, Written by Skyyler
Previously I wrote Will Robotics (RPA) Replace ACL?
The short answer is no, and I describe the reasons in that post.
But that doesn’t mean someone won’t try.
Shortly after I wrote my original robotics post, I encountered robotics vs. ACL, part 2.
Filed under ACL, Audit, Scripting (ACL), Technology
Your management says it wants more analytics, but does it really support analytics? Here’s 10+ signs that indicate that your mgmt:
Filed under Audit, Data Analytics, How to..., Technology, Top 10, Written by Skyyler
Here’s a list of all my posts to-date related to becoming or growing as an IT Auditor, all in one place for easy reference.
I’ll add other posts as they are written.
Filed under Audit, Employment, How to..., Security, Technology
If you’re looking for an IT Audit job, here’s how to use LinkedIn to get noticed.
In a nutshell, you need to enhance your LinkedIn profile so that everyone knows you’re working hard at learning IT auditor skills.
If you’re already working as an IT auditor, use these suggestions to get noticed more and move ahead (or into another company with more opportunities).
Filed under Audit, Certification, Employment, How to..., Technology
In my last post, I described Why Internal Auditors Should Care about Robotic Process Automation.
In this post, I’ll explore whether RPA can replace analytic packages like ACL, IDEA, R, and Power BI.
That might seem like a strange question, but a few managers and a VP have asked me just that recently. Here’s how I’ve answered it.
Filed under ACL, Audit, Data Analytics, Employment, Scripting (ACL), Technology
What is Robotics Process Automation (RPA) and why should internal auditors care about it?
RPA is software that imitates human interaction with computer systems to accomplish tasks.
RPA can log into multiple systems, navigate through user interfaces or command line functions to add, update, or download data, create tickets, place orders, or basically anything else a human can do.
Except think (and some vendors would disagree with that).
Filed under Audit, Data Analytics, Employment, How to..., Technology
I get asked all the time, “How do I get a job in IT audit with little or no experience?”
When Michael Onuoha asked me this question (see here), I thought I’d share my response with my readers.
You’ll find these same answers scattered around the blog as I answered people in the past, but I thought I’d pull it all together into one place.
Breaking into any field can be difficult, but it can be done. Especially when the demand for IT auditors is so high.
Filed under Audit, Certification, Employment, How to..., Technology
Before you choose a career as an IT auditor, consider my top 10 reasons why being an IT auditor is so hard.
Filed under Audit, Employment, Technology, Top 10
Recently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).
I couldn’t find much on the Internet on this topic, but there’s a lot of options.
I’ve actually worked in quite a few of the areas mentioned below…
Filed under Audit, Employment, How to..., Technology
It’s 10 o’clock in the cloud. Do you know where all your user IDs are? Are some hidden in the cloud?
Cloud security if often cloudy because it’s not on premise where you can control it easier.
That means you may have powerful user IDs in the cloud that your security team knows nothing about, which means….
Filed under Audit, Case Files, Technology
If you’re an auditor and you are not yet using Excel PowerPivot, you are missing the next greatest thing since spreadsheets arrived.
If you are NOT an auditor, and you don’t use PowerPivot, you’re in the same boat with the auditors mentioned above, and it is sinking.
In other words, if you use Excel, you should be learning Excel PowerPivot. It’s that big.
Let me explain why.
NOTE: I updated this post quite a bit with new info…
Filed under Audit, Data Analytics, Excel, Free, Technology
If you’re an auditor, you need data analytic skills or you will die.
Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.
Pretty bold statement, isn’t it?
Filed under Audit, Data Analytics, Employment, Free, Technology, Written by Skyyler
If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.
These posts will:
If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.
Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology
About a decade ago, I personally witnessed the handover of the simplest, cheapest, and most effective disaster recover plan ever.
Let me first give you a little background….
I worked for a great IT director, who moved to another company, much bigger, and brought me with him.
In the new company, he again was responsible for all IT, and he brought me along to manage security and disaster recovery.
If I named this company, at least 25% of you would recognize it, even those of you around the world–true story, too.
Filed under Case Files, Humor/Irony, Security, Security Scout, Technology
ITauditSecurity 